Gallagher Website Design Security & Risk Analysis

wordpress.org/plugins/gallagher-website-design

Provides site features, videos on how-to edit your site, support, and tools developed by Gallagher Website Design.

70 active installs v2.6.9 PHP 5.2.4+ WP 4.6+ Updated Mar 4, 2026
gallaghergallagher-website-designwebsitewebsite-designwebsite-design-company
99
A · Safe
CVEs total1
Unpatched0
Last CVEApr 21, 2026
Safety Verdict

Is Gallagher Website Design Safe to Use in 2026?

Generally Safe

Score 99/100

Gallagher Website Design has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 21, 2026Updated 4mo ago
Risk Assessment

The "gallagher-website-design" plugin version 2.6.9 exhibits a generally good security posture with several strong practices in place. The complete absence of known CVEs and a robust implementation of prepared statements for SQL queries are significant strengths. The plugin also demonstrates a high level of output escaping, with only a small percentage of outputs not being properly handled, indicating a good awareness of XSS prevention. Furthermore, the code shows a focus on security by including nonce and capability checks, although only one of each is present across the analyzed entry points.

However, there are areas for improvement. The presence of one unsanitized path flow in the taint analysis, while not classified as critical or high severity, warrants investigation as it represents a potential avenue for exploitation. The plugin also makes four external HTTP requests, which can introduce risks if the target endpoints are compromised or if the data sent is not properly sanitized. The reliance on shortcodes as the primary entry points (7 total) is not inherently a security risk, but it does increase the attack surface that requires careful monitoring for any future vulnerabilities.

Overall, the plugin is well-maintained with no historical vulnerabilities, suggesting a proactive approach to security. The current static analysis reveals a low-risk profile, but the single unsanitized path and the external HTTP requests are points to monitor. The presence of only one nonce and one capability check across all entry points is a potential weakness if these checks are not comprehensively covering all critical functionalities.

Key Concerns

  • Unsanitized path flow detected
  • External HTTP requests made (4)
  • Limited security checks on entry points
Vulnerabilities
1 published

Gallagher Website Design Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-1913medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gallagher Website Design <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'prefix' Shortcode Attribute

Apr 21, 2026 Patched in 2.6.5 (1d)
Version History

Gallagher Website Design Release Timeline

v2.6.9Current
v2.6.8
v2.6.7
v2.6.6
v2.6.5
v2.6.41 CVE
v2.6.11 CVE
v2.6.01 CVE
v2.5.41 CVE
v2.5.31 CVE
v2.5.21 CVE
v2.5.11 CVE
v2.5.01 CVE
v2.4.71 CVE
v2.4.61 CVE
v2.4.41 CVE
v2.4.31 CVE
v2.4.11 CVE
v2.41 CVE
v2.31 CVE
Code Analysis
Analyzed Mar 16, 2026

Gallagher Website Design Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
100 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
4
Bundled Libraries
0

Output Escaping

99% escaped101 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
add_admin_page_gwd_settings (gallagher-website-design.php:531)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Gallagher Website Design Attack Surface

Entry Points7
Unprotected0

Shortcodes 7

[instagram_feed] gallagher-website-design.php:882
[login_link] gallagher-website-design.php:1121
[forgot_password_link] gallagher-website-design.php:1131
[forgot_password] gallagher-website-design.php:1157
[cart_count] gallagher-website-design.php:1178
[cart_total] gallagher-website-design.php:1193
[my_account] gallagher-website-design.php:1204
WordPress Hooks 31
actionadmin_initgallagher-website-design.php:77
filterwp_check_filetype_and_extgallagher-website-design.php:106
filterupload_mimesgallagher-website-design.php:115
actionadmin_menugallagher-website-design.php:210
actionadmin_footergallagher-website-design.php:215
actionadmin_enqueue_scriptsgallagher-website-design.php:261
filteret_project_posttype_argsgallagher-website-design.php:741
filterthe_contentgallagher-website-design.php:755
filterwp_mail_fromgallagher-website-design.php:768
filterwp_mail_from_namegallagher-website-design.php:777
actionwpforms_process_validate_textareagallagher-website-design.php:796
actioninitgallagher-website-design.php:827
filterbody_classgallagher-website-design.php:911
actioninitgallagher-website-design.php:931
actioninitgallagher-website-design.php:976
actiontemplate_redirectgallagher-website-design.php:986
actionet_builder_readygallagher-website-design.php:1013
filterthe_contentgallagher-website-design.php:1074
actionlogin_enqueue_scriptsgallagher-website-design.php:1087
filterwp_nav_menu_argsgallagher-website-design.php:1240
actionwp_nav_menu_item_custom_fieldsgallagher-website-design.php:1247
actionwp_update_nav_menu_itemgallagher-website-design.php:1256
actionadmin_enqueue_scriptsgallagher-website-design.php:1263
filterthe_contentgallagher-website-design.php:1279
actionadmin_menugallagher-website-design.php:1309
actionwp_dashboard_setupgallagher-website-design.php:1310
actionadmin_bar_menugallagher-website-design.php:1311
actioninitgallagher-website-design.php:1316
actionwp_headgallagher-website-design.php:1324
filterwoocommerce_email_footer_textgallagher-website-design.php:1335
actionupgrader_post_installgallagher-website-design.php:1366
Maintenance & Trust

Gallagher Website Design Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 4, 2026
PHP min version5.2.4
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs70
Developer Profile

Gallagher Website Design Developer Profile

Gallagher Website Design

2 plugins · 80 total installs

94
trust score
Avg Security Score
92/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Gallagher Website Design

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gallagher-website-design/gwd-scripts.js/wp-content/plugins/gallagher-website-design/gwd-styles.css/wp-content/plugins/gallagher-website-design/admin/gwd-admin-styles.css/wp-content/plugins/gallagher-website-design/admin/gwd-admin-scripts.js
Version Parameters
gallagher-website-design/gwd-scripts.js?ver=gallagher-website-design/gwd-styles.css?ver=gallagher-website-design/admin/gwd-admin-styles.css?ver=gallagher-website-design/admin/gwd-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
gwd-theme-editor-buttonsgwd-theme-editor-buttonsgwd-theme-editor-buttonsgwd-theme-editor-buttons
Data Attributes
data-youtube-id
JS Globals
gwd_plugin_vars
REST Endpoints
/wp-json/gwd-plugin/v1/instagram/redirect/wp-json/gwd-plugin/v1/instagram/get-token
FAQ

Frequently Asked Questions about Gallagher Website Design